Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-H377-287M-W2R9
HistoryMay 13, 2022 - 1:36 a.m.

Drupal file REST resource does not properly validate

2022-05-1301:36:23
CWE-20
GitHub Advisory Database
github.com
2

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

9.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON

In Drupal 8 prior to 8.3.4; The file REST resource does not properly validate some fields when manipulating files. A site is only affected by this if the site has the RESTful Web Services (rest) module enabled, the file REST resource is enabled and allows PATCH requests, and an attacker can get or register a user account on the site with permissions to upload files and to modify the file resource.

CPENameOperatorVersion
drupal/drupallt8.3.4
drupal/corelt8.3.4

Related

friendsofphp 2
prion 1
veracode 1
osv 2
cve 1
nessus 4
openvas 3
freebsd 1
fedora 1
friendsofphp
friendsofphp
File REST resource does not properly validate
2017-06-21 18:13:27
File REST resource does not properly validate
2017-06-21 18:13:27
prion
prion
Design/Logic Flaw
2019-01-15 21:29:00
veracode
veracode
Improper File Validation
2017-06-27 06:38:53
osv
osv
Drupal file REST resource does not properly validate
2022-05-13 01:36:23
CVE-2017-6921
2019-01-15 21:29:00
cve
cve
CVE-2017-6921
2019-01-15 21:29:00
nessus
nessus
Drupal 8.x < 8.3.4 Multiple Vulnerabilities
2018-11-05 00:00:00
Drupal 7.x < 7.56 / 8.x < 8.3.4 Multiple Vulnerabilities (SA-CORE-2017-003)
2017-06-27 00:00:00
Drupal 7.x < 7.56 Multiple Vulnerabilities
2018-11-05 00:00:00
openvas
openvas
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Linux
2017-06-22 00:00:00
Drupal Core Multiple Vulnerabilities (SA-CORE-2017-003) - Windows
2017-06-22 00:00:00
Fedora Update for drupal8 FEDORA-2018-922cc2fbaa
2018-04-25 00:00:00
freebsd
freebsd
drupal -- Drupal Core - Multiple Vulnerabilities
2017-06-21 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: drupal8-8.3.9-1.fc26
2018-04-24 03:28:25

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

9.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.009 Low

EPSS

Percentile

82.7%

JSON
Related for GHSA-H377-287M-W2R9
friendsofphp2prion1veracode1osv2cve1nessus4openvas3freebsd1fedora1